[LINK] Medicare the base for e-health IDs

Wed Jun 24 09:48:06 AEST 2009

Medicare the base for e-health IDs
Karen Dearne
June 23, 2009
The Australian
http://www.australianit.news.com.au/story/0,24897,25679209-15306,00.html

PATIENTS' medical records will be linked across health providers using 
the present Medicare number and card, under the $98 million Unique 
Healthcare Identifier (UHI) program being developed by the National 
E-Health Transition Authority.

Few details of the planned UHI service have been revealed to date, 
despite the January 2010 deadline for completion of the project's design 
and build. The work has been directed by the Australian Health 
Ministers' Council (AHMC) and funded by the Council of Australian 
Governments

Although healthcare providers - doctors, pharmacists, community clinics 
and hospital administrators, in both the public and private arenas - 
will be issued with highly secure smartcards using PKI-based identity 
verification, consumers' individual healthcare numbers (IHIs) will be 
accessed by linking through the old Medicare number.

The stronger credentials for medical professionals will be managed 
through the planned National Authentication Service for Health (NASH), 
an extension of Medicare's existing arrangements to securely identify 
doctors accessing the agency's systems for claiming or payment transactions.

Individual healthcare identifiers have been touted as a key building 
block in the nationwide shift to e-health systems, with the free-flowing 
exchange of people's health records set to revolutionise patient care 
through improved safety and quality outcomes, together with greater 
efficiencies, cost savings and a wealth of new opportunities through 
telemedicine, remote monitoring of chronic disease and public health 
surveillance.

Eventually, the plan is for each person to have an individual e-health 
record, which holds their personal details; a summary health profile 
that can be shared with the person's permission between treating 
doctors; event summaries such as hospital discharge reports, care plans 
and test results, and a self-care management record where people can add 
their own material.

But consumer and privacy groups may be disappointed by the barebones 
approach outlined to The Australian, in response to questions put to 
NEHTA, Medicare Australia - which is creating the UHI system under 
contract to NEHTA - and federal Health Minister Nicola Roxon.

It appears Ms Roxon has been mistaken in her recent comments that 
patients will access their health records through a smartcard.

Instead, doctors or staff members will have to call up a person's shared 
record via the Medicare number, together with the existing, additional 
family member number.

"The IHI is simply an identifier that will facilitate the secure 
transmission of health information," a NEHTA spokeswoman said. "The IHI 
will predominantly be retrieved using an individual's Medicare number as 
opposed to a 'look-up' system, but separate security and authentication 
processes will be put in place regarding the actual use of the IHI in 
relation to health records.

"If an individual does not have a Medicare card, their healthcare 
provider will be able to use demographic information to obtain an IHI 
from the service. A patient will normally be asked to provide only his 
or her name and date of birth."

This approach assumes Medicare's well-publicised difficulties with data 
quality - mailing out replacement cards to deceased persons, 
duplications and other errors, and fake cards circulating in the black 
market - have been fixed.

Another issue involves ensuring the proper separation of data in the new 
registration and record databases from Medicare's financial transactions 
and business operations.

The spokeswoman said Medicare's solution "will ensure that the correct 
segregation of databases and systems occurs through appropriate security 
controls".

"Effectively, there will be compliance, legislative and regulatory 
drivers to ensure these two processes are both logically and physically 
separated."

Healthcare identifiers were intended to minimise the risk of 
mis-identification arising in e-health record systems, she said. Changes 
of address, or the correction of errors, would need to be managed 
through service operator channels.

Meanwhile, a spokesman for Human Services Minister, Chris Bowen, 
confirmed the government does not have a Medicare smartcard project for 
consumers under way.

"The Medicare card is an administrative token used to help administer 
Medicare and its related programs, such as the Pharmaceutical Benefits 
Scheme," he said. "The (present) card does this job efficiently and 
effectively, and there is no requirement to convert the card into a 
smartcard."

The spokesman said Medicare was doing the UHI work under contract, and 
had no responsibility for decisions on design or formats.

"These decisions will ultimately by made by the various health ministers 
guided by the broader work being done by NEHTA," he said.

A smartcard was only "one of many possible options for holding the UHI", 
and the present work was intended "to keep those many these options 
open", he said.

The NEHTA spokeswoman denied there had been delays due to decisions yet 
to be made on key questions of storage arrangements for IHIs and access 
mechanisms, and said the project would be ready on time, provided 
consultations on policy issues, governance arrangements and new 
supporting legislation were concluded promptly.

"By December, Medicare will have completed the capability to allocate 
and manage the healthcare provider identifiers, and once the necessary 
legislative framework is in place, operations can commence," she said. 
"The identifiers will then be available from mid-2010, following 
introduction of the necessary legislation."

Eventually, around 500,000 healthcare providers will have their e-health 
transactions authenticated through the NASH, up from 50,000 using 
Medicare's service today.

The AHMC announced in March that continuing consultation on identifiers 
and privacy protections would occur later this year with consumer groups 
and other stakeholders.

"A consultation process is currently being finalised," she said. "It is 
expected this process may identify new issues related to UHIs, and these 
will be addressed."

The spokeswoman said NEHTA would release a third, independent, Privacy 
Impact Assessment report on the UHI scheme when it was completed; 
neither of the two previous PIAs have been made public.

-- 

Regards
brd

Bernard Robertson-Dunn
Canberra Australia
brd at iimetro.com.au